# frozen_string_literal: true
require_relative 'em_test_helper'
# Exercises Diffie-Hellman parameter handling for EventMachine TLS servers.
# The whole class is only defined when EM.ssl? is true (trailing modifier).
class TestSSLDhParam < Test::Unit::TestCase
  require_relative 'em_ssl_handlers'
  include EMSSLHandlers

  # DH parameters fixture, resolved next to this test file. DH parameters are
  # public values, not private key material.
  # NOTE(review): the group size is not visible from here; OpenSSL security
  # levels reject small DH groups, so confirm the fixture is large enough.
  DH_PARAM_FILE = File.join(__dir__, 'dhparam.pem')

  # Server side: cipher list limited to the DHE/EDH cipher strings, TLS 1.2 only.
  DH_1_2 = { cipher_list: "DHE,EDH", ssl_version: %w[TLSv1_2] }

  # Client side: TLS 1.2 only.
  CLIENT_1_2 = { client_unbind: true, ssl_version: %w[TLSv1_2] }

  # Server offers only DHE/EDH ciphers but is given no dhparam file; the test
  # expects that neither peer reports a completed handshake.
  def test_no_dhparam
    # DH will work with defaults
    omit_if(EM.library_type == :pure_ruby)
    omit_if(rbx?)

    client_server(client: CLIENT_1_2, server: DH_1_2)

    [Client, Server].each { |peer| refute peer.handshake_completed? }
  end

  # Same TLS 1.2 setup with the dhparam fixture supplied: both peers must
  # complete the handshake and agree on a cipher whose name starts with
  # DHE or EDH.
  def test_dhparam_1_2
    omit_if(rbx?)

    # a few platforms error due to long test times, default is 3
    handshake_timeout =
      if %w[arm-linux-gnueabi armhf-linux-gnueabi hppa-linux-gnu mips-linux-gnu mipsel-linux-gnu sparc64-linux-gnu].include?(RUBY_PLATFORM)
        30
      else
        3
      end
    server_opts = DH_1_2.merge(dhparam: DH_PARAM_FILE)

    client_server(client: CLIENT_1_2, server: server_opts, timeout: handshake_timeout)

    assert Client.handshake_completed?
    assert Server.handshake_completed?

    negotiated = Client.cipher_name
    assert negotiated.length > 0
    assert_equal negotiated, Server.cipher_name
    # Prefix check on the negotiated cipher name.
    # NOTE(review): `^` anchors at any line start; `\A` would anchor at the
    # start of the string.
    assert_match(/^(DHE|EDH)/, negotiated)
  end

  # TLS 1.3 variant, omitted when EM does not define EM_PROTO_TLSv1_3.
  # NOTE(review): the cipher asserted below is a TLS 1.3 suite name, not a
  # DHE/EDH one. In OpenSSL the TLS 1.3 ciphersuites are configured separately
  # from the TLS 1.2-and-below cipher list, so this test shows the handshake
  # succeeds with dhparam and cipher_list set; it does not by itself show that
  # the DH parameters file was used - confirm against the EM implementation.
  def test_dhparam_1_3
    omit_if(rbx?)
    unless EM.const_defined?(:EM_PROTO_TLSv1_3)
      omit("TLSv1_3 is unavailable")
    end

    client_server(
      client: { client_unbind: true, ssl_version: %w[TLSv1_3] },
      server: { dhparam: DH_PARAM_FILE, cipher_list: "DHE,EDH", ssl_version: %w[TLSv1_3] }
    )

    assert Client.handshake_completed?
    assert Server.handshake_completed?

    negotiated = Client.cipher_name
    assert negotiated.length > 0
    assert_equal negotiated, Server.cipher_name

    # see https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
    # may depend on OpenSSL build options
    assert_equal "TLS_AES_256_GCM_SHA384", negotiated
  end
end if EM.ssl?